sops-nix ssh key

adding sops package
flake update
2024-07-08 21:05:25 -07:00 · 2024-07-08 20:49:45 -07:00 · 2024-07-08 20:12:48 -07:00 · 2024-07-08 19:54:34 -07:00 · 2024-07-08 19:17:46 -07:00
7 changed files with 129 additions and 34 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,7 @@
+keys:
+  - &ravenshade age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
+creation_rules:
+  - path_regex: secrets.yaml$
+    key_groups:
+      - age:
+          - *ravenshade
--- a/flake.lock
+++ b/flake.lock
@ -140,11 +140,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1719259945,
-        "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=",
+        "lastModified": 1720450253,
+        "narHash": "sha256-1in42htN3g3MnE3/AO5Qgs6pMWUzmtPQ7s675brO8uw=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07",
+        "rev": "2b6bd3c87d3a66fb0b8f2f06c985995e04b4fb96",
        "type": "github"
      },
      "original": {
@ -204,11 +204,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1720289319,
-        "narHash": "sha256-E3CjSsXNDWYqoNjrKQLPdEZDLR+mVI9HMa+jY//FjBY=",
+        "lastModified": 1720470846,
+        "narHash": "sha256-7ftA4Bv5KfH4QdTRxqe8/Hz2YTKo+7IQ9n7vbNWgv28=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "10486e6b311b3c5ae1c3477fee058704cea7cb4a",
+        "rev": "2fb5c1e0a17bc6059fa09dc411a43d75f35bb192",
        "type": "github"
      },
      "original": {
@ -224,14 +224,16 @@
        "git-hooks": "git-hooks",
        "hercules-ci-effects": "hercules-ci-effects",
        "neovim-src": "neovim-src",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": [
+          "nixpkgs"
+        ]
      },
      "locked": {
-        "lastModified": 1720256686,
-        "narHash": "sha256-ihHXj+fp/BVpc86rCNN+Qbnpg6OrbeI+jxz6VRyzcy0=",
+        "lastModified": 1720483510,
+        "narHash": "sha256-IG/g4l/W0R2M/jxEyu/Sl3BmR/OK5D1jiahpc0wlpvE=",
        "owner": "nix-community",
        "repo": "neovim-nightly-overlay",
-        "rev": "9822e0611d49ae70278ac20c9d7b68e4797b2fab",
+        "rev": "b6b51915180e6d2eac488d6f882e4ba36bad380d",
        "type": "github"
      },
      "original": {
@ -243,11 +245,11 @@
    "neovim-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1720175946,
-        "narHash": "sha256-9tiW0rkQZGhnNaIP6gWj7N/iTlCLFdD5r37R1jVOs3s=",
+        "lastModified": 1720478486,
+        "narHash": "sha256-66u+yzjk6NrFr2jj2svD3jwNX8P2B8/DNH9A51V4kh8=",
        "owner": "neovim",
        "repo": "neovim",
-        "rev": "3c53e8f78511d6db9a6c804e5a479ba38c33102d",
+        "rev": "fb6c059dc55c8d594102937be4dd70f5ff51614a",
        "type": "github"
      },
      "original": {
@ -258,27 +260,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1720181791,
-        "narHash": "sha256-i4vJL12/AdyuQuviMMd1Hk2tsGt02hDNhA0Zj1m16N8=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "4284c2b73c8bce4b46a6adf23e16d9e2ec8da4bb",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1720031269,
-        "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=",
+        "lastModified": 1720418205,
+        "narHash": "sha256-cPJoFPXU44GlhWg4pUk9oUPqurPlCFZ11ZQPk21GTPU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6",
+        "rev": "655a58a72a6601292512670343087c2d75d859c1",
        "type": "github"
      },
      "original": {
@ -288,6 +274,22 @@
        "type": "github"
      }
    },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1720282526,
+        "narHash": "sha256-dudRkHPRivMNOhd04YI+v4sWvn2SnN5ODSPIu5IVbco=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "550ac3e955c30fe96dd8b2223e37e0f5d225c927",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "root": {
      "inputs": {
        "backgrounds": "backgrounds",
@ -295,7 +297,29 @@
        "fish_theme": "fish_theme",
        "home-manager": "home-manager",
        "neovim-overlay": "neovim-overlay",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs",
+        "sops-nix": "sops-nix"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable"
+      },
+      "locked": {
+        "lastModified": 1720479166,
+        "narHash": "sha256-jqvhLDXzTLTHq9ZviFOpcTmXXmnbLfz7mWhgMNipMN4=",
+        "owner": "mic92",
+        "repo": "sops-nix",
+        "rev": "67035a355b1d52d2d238501f8cc1a18706979760",
+        "type": "github"
+      },
+      "original": {
+        "owner": "mic92",
+        "repo": "sops-nix",
+        "type": "github"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -4,13 +4,21 @@
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";

-    neovim-overlay.url = "github:nix-community/neovim-nightly-overlay";
+    neovim-overlay = {
+      url = "github:nix-community/neovim-nightly-overlay";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };

    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };

+    sops-nix = {
+      url = "github:mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    fish_theme = {
      url = "git+https://git.zynh.me/Zynh0722/omf-theme";
      flake = false;
--- a/home/modules/default.nix
+++ b/home/modules/default.nix
@ -14,6 +14,7 @@
    ./easyeffects.nix
    ./lazygit.nix
    ./dunst.nix
+    ./sops.nix
  ];

  nixpkgs.config.allowUnfree = true;
--- a/home/modules/sops.nix
+++ b/home/modules/sops.nix
@ -0,0 +1,30 @@
+{ lib, config, inputs, ... }:
+
+let
+  cfg = config.snowhawk.sops;
+  home = config.home.homeDirectory;
+in
+{
+  imports = [
+    inputs.sops-nix.homeManagerModules.sops
+  ];
+
+  options.snowhawk.sops = {
+    enable = lib.mkEnableOption "sops";
+  };
+
+  config = lib.mkIf cfg.enable {
+    sops = {
+      age.keyFile = "${home}/.config/sops/age/keys.txt";
+
+      defaultSopsFile = ../../secrets.yaml;
+      validateSopsFiles = false;
+
+      secrets = {
+        "private_keys/personal_git" = {
+          path = "${home}/.ssh/personal_git";
+        };
+      };
+    };
+  };
+}
--- a/hosts/snowhawk/home.nix
+++ b/hosts/snowhawk/home.nix
@ -18,6 +18,7 @@ in
    projects.enable = true;
    lazygit.enable = true;
    dunst.enable = true;
+    sops.enable = true;
  };

  xsession.numlock.enable = true;
@ -43,6 +44,8 @@ in
    uhk-agent
    pulsemixer

+    sops
+
    obsidian
    steam

--- a/secrets.yaml
+++ b/secrets.yaml
@ -0,0 +1,22 @@
+private_keys:
+    personal_git: ENC[AES256_GCM,data:r5NXuhqltyaZpjMhz6Nh+2Nv1UI86nxtud5aPFkAfwOuBhtDLOx5dOZWZqJ/8Lf+hjyVsCRN77GNXIKmBA3UhguIzWdWSRMboDXYePxRar+i0rBQdKK24rzPLMAYRd5L1sLml1hS5eZxds+D+C5PCv4FXrkc+9xO08RPFgqJVfFbzIEM/5HAmgG1xLpK32+56/QdwW/bL2r2bheSuNXmcrciDeilVBS5/jVgIaa8mxDHQjVPi6SdL4MGt85+OpcOesqDGuTpc00H9kd/i6mOucYCw2UjHJpLYDJ202cE0pHiKenFbssiS+NqG7dWSLKD0HqhDoHLvJVaXlLT+GxEx1ec/vHAl7LgpRRpUfcEknFpsJgliPOfr1p3D2plx/ZcWqysFy3jZ5HZI3ZawRrsDdQlKpljcjCgOeCVoTlQdrjQruDV3QueLPn5ueFMx3Iks6e/PyENXp+JhdJID5dPjckSb2vp/VUP7n3PT3aNuPMluMpXFUhUwthTb/RsKBAqDUEaw0RAe1mvAaoD3ZUJtg5Q84UVuQxQHGtS,iv:fUwoEgHb2Bat/qjnedfHVzso0qfRPXuelO26CFxdud0=,tag:bqHeF1R4+IHQ/a0urVXhIA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOGRXY1JMN20wK2tvbmNU
+            eVQ4YitPUVRzZkRubnFORU1oemVkZVRSUW1nCnp2eFBoUjhsVXprMnllVCtZK29K
+            ajJ6VUJDeXlabjJ3ZDhGWC84aDh6ZzAKLS0tIEdPTnl6bHpOcE1XVVN1WU9EUkZm
+            SjZNOWNndEIrMDFZRnV3QlRheklvMncK5n4lzgSrEDQ0M8m4SAslQvl2vq39owY9
+            s3SrXYCvQo6nsKKJMgaN0fnrSqxdSLbnrDYFchaF2fhdXozR8508PA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-07-09T04:04:27Z"
+    mac: ENC[AES256_GCM,data:DD/9KWi7rgtBa1gJBSoER2PrzFXTbkqL28yDgf6bT8uUo19N4ztm6XjzAfJuthTZPk2AuRY5J0LIiMPysHdyyCQzVlXJx7I26MQtZo+6McbGNar+rmpxOOhQE/fLV1itrJIw7vbK3SbFTycCvMt2LocQAH5H9vFhqFXJOwzbXjw=,iv:Ctp9fjHC8+F3CVyV1iVzva2BZ1rISEV5eThp1v7mb0c=,tag:IEDUeaqD7snFlk05PVeHaw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0
Author	SHA1	Message	Date
Zynh Ludwig	e07dce7874	sops-nix ssh key	2024-07-08 21:05:25 -07:00
Zynh Ludwig	231fe8a462	adding sops package	2024-07-08 20:49:45 -07:00
Zynh Ludwig	0e39cd4599	flake update	2024-07-08 20:12:48 -07:00
Zynh Ludwig	9a8bd5c3cf	neovim follow nixpkgs?	2024-07-08 19:54:34 -07:00
Zynh Ludwig	6f3a5d2f60	sops-nix input added	2024-07-08 19:17:46 -07:00